Data Protection GDPR General Data Protection Regulation Implications
- Slides: 14
Data Protection & GDPR (General Data Protection Regulation)
Implications for school staff
Wokingham ‘ICT in Schools’ Team
Data Protection Burden? Boredom? (See the notes for more details)
Data Protection… what you need to know
http://whatyouneedtoknow.co.uk/showreel/
https://www.youtube.com/watch?v=jwFoMe5vE-o
School staff… what you need to know as…
• Data Subjects
• Data Users
Mobile phones
• Do you receive/forward any emails/messages to your phone?
• Do you store any school related information/data on your phone?
• Any storage in the cloud?
• How are things deleted?
• Is ‘remote wipe’ necessary?
• Is it encrypted?
USBs & data storage devices
• Do you need to use them?
• What do you store on them?
• Do you delete data when no longer required?
• Are they encrypted?
• Loss/theft of an unencrypted device is a potential data breach
Laptops & Tablets
• Are they encrypted?
• What data is stored?
• Who else might use them?
• How are they transported if taken out of school?
• Loss/theft of an unencrypted device is a potential data breach
Emails
• How/where do you access school email?
• Is email encrypted/secure?
• Use of personal email accounts?
• Check email addresses are correct
• How long are emails kept?
• Be aware of possible Subject Access Requests and Freedom of Information requests when writing emails
Good practice
• Strong password policy (https://howsecureismypassword.net/)
• Secure printing
• Clear policy/procedures for remote or homeworking
• Immediate removal of access when staff leave
• Always locking your screen (Windows+L)
What about these…?
• Paper file security, e.g. clear desk policy, locked drawers/cabinets
• Have a clear out and check cupboards and drawers for ‘old’ paper or data that should no longer be retained.
• Securely delete/destroy any paper or data stored at home?
Data breach – what do I do?
• Most common ones in education:
  • Lost/stolen paperwork or unencrypted computers and memory sticks
  • Data posted/faxed or e-mailed to the incorrect recipient
• Report it at once to the Headteacher and Data Protection Officer (DPO)
• Record and report the details of what happened
What does your policy say?
Other sources of guidance could be:
• Staff Handbook
• Acceptable Use Agreements
Staff training
• At least every 2 years with updates as necessary
• Ongoing awareness raising, e.g. phishing and ransomware, use of online services
The DPO may lead but data protection is a shared responsibility